Security glossary
What is account takeover?
Account takeover (ATO) is when someone gains control of your account and can change settings, spend money, or lock you out.
Last reviewed: 2026-05-23
In plain English
Attackers usually get in through reused passwords, phishing, or weak account recovery routes.
The first signs are often password reset emails you did not request, new devices, or changed recovery details.
ATO can spread: if your email account is taken over, attackers can use it to reset many other accounts.
Real-world example
An attacker changes your recovery email and then resets the passwords on your shopping, social, and storage accounts.
What you should do
- Secure your primary inbox first, then reset critical accounts.
- Review active sessions and remove unknown devices.
- Set stronger recovery methods and keep backup codes offline.
Related terms
What is credential stuffing?
Credential stuffing is when attackers test leaked email-password pairs on many websites, hoping people reused passwords.
What is multi-factor authentication (MFA)?
MFA adds a second login check after your password, like an app code or hardware key.
What is SIM swapping?
SIM swapping is when attackers convince a telecom provider to move your number to their SIM card.